Vulnerability Database

308,677

Total vulnerabilities in the database

CVE-2013-2256

OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.

Published: Sep 16, 2013
Updated: Nov 9, 2025
CVE: CVE-2013-2256
GHSA: GHSA-5mj6-643f-2g85
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
openstack / nova	2013.1	2013.1.3
openstack / nova	2013.2-milestone1	2013.2-milestone1.x
nova	-	2013.1.3

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo